diff --git a/pkg/controller/gc.go b/pkg/controller/gc.go index 7c795387286..d93ae1dfc36 100644 --- a/pkg/controller/gc.go +++ b/pkg/controller/gc.go @@ -546,7 +546,9 @@ func (c *Controller) gcLoadBalancer() error { func (c *Controller) gcPortGroup() error { klog.Infof("start to gc network policy") - var npNames []string + + npNames := make(map[string]struct{}) + if c.config.EnableNP { nps, err := c.npsLister.List(labels.Everything()) if err != nil { @@ -554,18 +556,19 @@ func (c *Controller) gcPortGroup() error { return err } - npNames = make([]string, 0, len(nps)) for _, np := range nps { - npNames = append(npNames, fmt.Sprintf("%s/%s", np.Namespace, np.Name)) + npNames[fmt.Sprintf("%s/%s", np.Namespace, np.Name)] = struct{}{} } + // append node port group to npNames to avoid gc node port group nodes, err := c.nodesLister.List(labels.Everything()) if err != nil { klog.Errorf("failed to list nodes, %v", err) return err } + for _, node := range nodes { - npNames = append(npNames, fmt.Sprintf("%s/%s", "node", node.Name)) + npNames[fmt.Sprintf("%s/%s", "node", node.Name)] = struct{}{} } // append overlay subnets port group to npNames to avoid gc distributed subnets port group 
@@ -578,22 +581,30 @@ func (c *Controller) gcPortGroup() error { if subnet.Spec.Vpc != util.DefaultVpc || (subnet.Spec.Vlan != "" && !subnet.Spec.LogicalGateway) || subnet.Name == c.config.NodeSwitch || subnet.Spec.GatewayType != kubeovnv1.GWDistributedType { continue } + for _, node := range nodes { - npNames = append(npNames, fmt.Sprintf("%s/%s", subnet.Name, node.Name)) + npNames[fmt.Sprintf("%s/%s", subnet.Name, node.Name)] = struct{}{} } } } - pgs, err := c.ovnLegacyClient.ListNpPortGroup() + // list all np port groups which externalIDs[np]!="" + pgs, err := c.ovnClient.ListPortGroups(map[string]string{networkPolicyKey: ""}) if err != nil { - klog.Errorf("failed to list port-group, %v", err) + klog.Errorf("list np port group: %v", err) return err } + for _, pg := range pgs { - if !c.config.EnableNP || !util.IsStringIn(fmt.Sprintf("%s/%s", pg.NpNamespace, pg.NpName), npNames) { + np := strings.Split(pg.ExternalIDs[networkPolicyKey], "/") + npNamespace := np[0] + npName := np[1] + + if _, ok := npNames[fmt.Sprintf("%s/%s", npNamespace, npName)]; !c.config.EnableNP || !ok { klog.Infof("gc port group %s", pg.Name) - if err := c.handleDeleteNp(fmt.Sprintf("%s/%s", pg.NpNamespace, pg.NpName)); err != nil { - klog.Errorf("failed to gc np %s/%s, %v", pg.NpNamespace, pg.NpName, err) + + if err := c.handleDeleteNp(fmt.Sprintf("%s/%s", npNamespace, npName)); err != nil { + klog.Errorf("gc np %s/%s, %v", npNamespace, npName, err) return err } } diff --git a/pkg/controller/network_policy.go b/pkg/controller/network_policy.go index ccccb7bd7b9..45737964cb9 100644 --- a/pkg/controller/network_policy.go +++ b/pkg/controller/network_policy.go 
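Review bot: `np[1]` is read without a length check in the loop over `pgs`, so a port group whose `ExternalIDs[networkPolicyKey]` value contains no `/` panics the controller with an index out of range. The removed `ListNpPortGroup` skipped such rows with `if len(np) != 2 { continue }`. Restore that guard directly after the `strings.Split`, for example `if len(np) != 2 { klog.Warningf("skip port group %s: malformed np external id", pg.Name); continue }`. The list filter is commented as matching any non-empty value, so the value's format is whatever was written to the database and cannot be assumed here. gcPortGroup starts above this hunk.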
@@ -185,27 +185,31 @@ func (c *Controller) handleUpdateNp(key string) error { // TODO: ovn acl doesn't support address_set name with '-', now we replace '-' by '.'. // This may cause conflict if two np with name test-np and test.np. Maybe hash is a better solution, // but we do not want to lost the readability now. - pgName := strings.Replace(fmt.Sprintf("%s.%s", npName, np.Namespace), "-", ".", -1) - ingressAllowAsNamePrefix := strings.Replace(fmt.Sprintf("%s.%s.ingress.allow", npName, np.Namespace), "-", ".", -1) - ingressExceptAsNamePrefix := strings.Replace(fmt.Sprintf("%s.%s.ingress.except", npName, np.Namespace), "-", ".", -1) - egressAllowAsNamePrefix := strings.Replace(fmt.Sprintf("%s.%s.egress.allow", npName, np.Namespace), "-", ".", -1) - egressExceptAsNamePrefix := strings.Replace(fmt.Sprintf("%s.%s.egress.except", npName, np.Namespace), "-", ".", -1) - - if err = c.ovnLegacyClient.CreateNpPortGroup(pgName, np.Namespace, npName); err != nil { - klog.Errorf("failed to create port group for np %s, %v", key, err) + pgName := strings.Replace(fmt.Sprintf("%s.%s", np.Name, np.Namespace), "-", ".", -1) + ingressAllowAsNamePrefix := strings.Replace(fmt.Sprintf("%s.%s.ingress.allow", np.Name, np.Namespace), "-", ".", -1) + ingressExceptAsNamePrefix := strings.Replace(fmt.Sprintf("%s.%s.ingress.except", np.Name, np.Namespace), "-", ".", -1) + egressAllowAsNamePrefix := strings.Replace(fmt.Sprintf("%s.%s.egress.allow", np.Name, np.Namespace), "-", ".", -1) + egressExceptAsNamePrefix := strings.Replace(fmt.Sprintf("%s.%s.egress.except", np.Name, np.Namespace), "-", ".", -1) + + // delete existing pg to update acl + if err = c.ovnClient.DeletePortGroup(pgName); err != nil { + klog.Errorf("delete port group %s before networkpolicy update process: %v", pgName, err) + } + + if err = c.ovnClient.CreatePortGroup(pgName, map[string]string{networkPolicyKey: np.Namespace + "/" + np.Name}); err != nil { + klog.Errorf("create port group for np %s: %v", key, err) return err } 
namedPortMap := c.namedPort.GetNamedPortByNs(np.Namespace) ports, err := c.fetchSelectedPorts(np.Namespace, &np.Spec.PodSelector) if err != nil { - klog.Errorf("failed to fetch ports, %v", err) + klog.Errorf("fetch ports belongs to np %s: %v", key, err) return err } - err = c.ovnLegacyClient.SetPortsToPortGroup(pgName, ports) - if err != nil && !strings.Contains(err.Error(), "not found") { - klog.Errorf("failed to set port group, %v", err) + if err := c.ovnClient.PortGroupAddPorts(pgName, ports...); err != nil { + klog.Errorf("add ports to port group %s: %v", pgName, err) return err } @@ -248,7 +252,7 @@ func (c *Controller) handleUpdateNp(key string) error { } var ingressAclCmd []string - exist, err := c.ovnLegacyClient.PortGroupExists(pgName) + exist, err := c.ovnClient.PortGroupExists(pgName) if err != nil { klog.Errorf("failed to query np %s port group, %v", key, err) return err @@ -391,7 +395,7 @@ func (c *Controller) handleUpdateNp(key string) error { } var egressAclCmd []string - exist, err = c.ovnLegacyClient.PortGroupExists(pgName) + exist, err = c.ovnClient.PortGroupExists(pgName) if err != nil { klog.Errorf("failed to query np %s port group, %v", key, err) return err @@ -539,9 +543,9 @@ func (c *Controller) handleDeleteNp(key string) error { npName = "np" + name } - pgName := strings.Replace(fmt.Sprintf("%s.%s", npName, namespace), "-", ".", -1) - if err := c.ovnLegacyClient.DeletePortGroup(pgName); err != nil { - klog.Errorf("failed to delete np %s port group, %v", key, err) + pgName := strings.Replace(fmt.Sprintf("%s.%s", name, namespace), "-", ".", -1) + if err = c.ovnClient.DeletePortGroup(pgName); err != nil { + klog.Errorf("delete np %s port group: %v", key, err) } svcAsNames, err := c.ovnLegacyClient.ListNpAddressSet(namespace, npName, "service") diff --git a/pkg/controller/node.go b/pkg/controller/node.go index c4d0c48e411..21039c326c7 100644 --- a/pkg/controller/node.go +++ b/pkg/controller/node.go 
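Review bot: Deleting the port group before re-creating it (`// delete existing pg to update acl`) opens a window on every update in which the policy has no port group and, if the ACLs hang off that group as the later `ingressAclCmd`/`egressAclCmd` sections suggest, no ACLs either. Any early return after the delete (`CreatePortGroup`, `fetchSelectedPorts`, `PortGroupAddPorts`) leaves the policy unenforced until the key is retried. The `DeletePortGroup` error is only logged, so a failed delete falls through to `CreatePortGroup` on a group that still carries the old ACLs. Consider replacing the ACLs on the existing group instead of dropping it, or at least add `return err` after the delete failure. handleUpdateNp starts before this hunk and continues past it.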
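Review bot: In the handleDeleteNp hunk, `pgName` is now built from `name` instead of `npName`, although the context line just above still computes `npName = "np" + name` and the `ListNpAddressSet` call below still uses it. Port groups created by the previous code under the prefixed name would no longer match this `DeletePortGroup`, leaving their ACLs in place after the policy is deleted; the condition that applies the prefix is outside the hunk, so this is inferred. Either keep `fmt.Sprintf("%s.%s", npName, namespace)` here and in handleUpdateNp, or add a one-time cleanup of the old names plus a comment explaining why port groups no longer need the prefix.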
@@ -336,8 +336,8 @@ func (c *Controller) handleAddNode(key string) error { // ovn acl doesn't support address_set name with '-', so replace '-' by '.' pgName := strings.Replace(node.Annotations[util.PortNameAnnotation], "-", ".", -1) - if err := c.ovnLegacyClient.CreateNpPortGroup(pgName, "node", key); err != nil { - klog.Errorf("failed to create port group %s for node %s: %v", pgName, key, err) + if err = c.ovnClient.CreatePortGroup(pgName, map[string]string{networkPolicyKey: "node" + "/" + key}); err != nil { + klog.Errorf("create port group %s for node %s: %v", pgName, key, err) return err } @@ -461,10 +461,11 @@ func (c *Controller) handleDeleteNode(key string) error { // ovn acl doesn't support address_set name with '-', so replace '-' by '.' pgName := strings.Replace(portName, "-", ".", -1) - if err := c.ovnLegacyClient.DeletePortGroup(pgName); err != nil { - klog.Errorf("failed to delete port group %s for node, %v", portName, err) + if err := c.ovnClient.DeletePortGroup(pgName); err != nil { + klog.Errorf("delete port group %s for node: %v", portName, err) return err } + if err := c.deletePolicyRouteForNode(key); err != nil { klog.Errorf("failed to delete policy route for node %s: %v", key, err) return err 
@@ -917,27 +918,12 @@ func (c *Controller) fetchPodsOnNode(nodeName string, pods []*v1.Pod) ([]string, return ports, nil } -func (c *Controller) checkPodsChangedOnNode(pgName string, nameIdMap map[string]string, pgPorts, ports []string) (bool, error) { - for _, port := range ports { - if portId, ok := nameIdMap[port]; ok { - if !util.IsStringIn(portId, pgPorts) { - klog.Infof("pod on node changed, new added port %v should add to node port group %v", port, pgName) - return true, nil - } - } - } - - return false, nil -} - func (c *Controller) CheckNodePortGroup() { if err := c.checkAndUpdateNodePortGroup(); err != nil { - klog.Errorf("failed to check node port-group status, %v", err) + klog.Errorf("check node port group status: %v", err) } } -var lastNpExists = make(map[string]bool) - func (c *Controller) checkAndUpdateNodePortGroup() error { klog.V(3).Infoln("start to check node port-group status") np, _ := c.npsLister.List(labels.Everything()) @@ -945,25 +931,13 @@ func (c *Controller) checkAndUpdateNodePortGroup() error { nodes, err := c.nodesLister.List(labels.Everything()) if err != nil { - klog.Errorf("failed to list nodes, %v", err) + klog.Errorf("list nodes: %v", err) return err } pods, err := c.podsLister.List(labels.Everything()) if err != nil { - klog.Errorf("failed to list pods, %v", err) - return err - } - - nameIdMap, _, err := c.ovnLegacyClient.ListLspForNodePortgroup() - if err != nil { - klog.Errorf("failed to list lsp info, %v", err) - return err - } - - namePortsMap, err := c.ovnLegacyClient.ListPgPortsForNodePortgroup() - if err != nil { - klog.Errorf("failed to list port-group info, %v", err) + klog.Errorf("list pods, %v", err) return err } 
@@ -983,32 +957,14 @@ func (c *Controller) checkAndUpdateNodePortGroup() error { } nodeIP := strings.Trim(fmt.Sprintf("%s,%s", nodeIPv4, nodeIPv6), ",") - ports, err := c.fetchPodsOnNode(node.Name, pods) + nodePorts, err := c.fetchPodsOnNode(node.Name, pods) if err != nil { - klog.Errorf("failed to fetch pods for node %v, %v", node.Name, err) + klog.Errorf("fetch pods for node %v: %v", node.Name, err) return err } - changed, err := c.checkPodsChangedOnNode(pgName, nameIdMap, namePortsMap[pgName], ports) - if err != nil { - klog.Errorf("failed to check pod status for node %v, %v", node.Name, err) - continue - } - - if lastNpExists[node.Name] != networkPolicyExists { - klog.Infof("networkpolicy num changed when check nodepg %v", pgName) - changed = true - } - - if !changed { - klog.V(3).Infof("pods on node %v do not changed", node.Name) - continue - } - lastNpExists[node.Name] = networkPolicyExists - - err = c.ovnLegacyClient.SetPortsToPortGroup(pgName, ports) - if err != nil { - klog.Errorf("failed to set port group for node %v, %v", node.Name, err) + if err := c.ovnClient.PortGroupAddPorts(pgName, nodePorts...); err != nil { + klog.Errorf("add ports to port group %s: %v", pgName, err) return err } @@ -1123,7 +1079,7 @@ func (c *Controller) checkPolicyRouteExistForNode(nodeName, cidr, nexthop string func (c *Controller) deletePolicyRouteForNode(nodeName string) error { subnets, err := c.subnetsLister.List(labels.Everything()) if err != nil { - klog.Errorf("failed to get subnets %v", err) + klog.Errorf("get subnets: %v", err) return err } 
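Review bot: `PortGroupAddPorts` replaces `SetPortsToPortGroup`, which in the removed legacy code ran `pg-set-ports` (or `clear … ports` for an empty list), so membership changes from replace to add-only if the new method is additive as its name suggests. In checkAndUpdateNodePortGroup this means ports of pods that have left the node are never removed from the node port group. The same swap in syncSgLogicalPort (security_group.go) would keep a port in a security group's port group after the group is detached from it. Either call something that replaces the `ports` column, or compute and remove stale ports before adding. If add-only is intended, say where removal happens in a comment such as `// stale ports are removed by <cleanup path>`.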
@@ -1134,14 +1090,14 @@ func (c *Controller) deletePolicyRouteForNode(nodeName string) error { if subnet.Spec.GatewayType == kubeovnv1.GWDistributedType { pgName := getOverlaySubnetsPortGroupName(subnet.Name, nodeName) - if err = c.ovnLegacyClient.DeletePortGroup(pgName); err != nil { - klog.Errorf("failed to delete port group for subnet %s and node %s, %v", subnet.Name, nodeName, err) + if err = c.ovnClient.DeletePortGroup(pgName); err != nil { + klog.Errorf("delete port group for subnet %s and node %s: %v", subnet.Name, nodeName, err) return err } klog.Infof("delete policy route for distributed subnet %s, node %s", subnet.Name, nodeName) if err = c.deletePolicyRouteForDistributedSubnet(subnet, nodeName); err != nil { - klog.Errorf("failed to delete policy route for subnet %s and node %s, %v", subnet.Name, nodeName, err) + klog.Errorf("delete policy route for subnet %s and node %s: %v", subnet.Name, nodeName, err) return err } } diff --git a/pkg/controller/pod.go b/pkg/controller/pod.go index e0dde040083..47fa553fa41 100644 --- a/pkg/controller/pod.go +++ b/pkg/controller/pod.go @@ -990,7 +990,6 @@ func (c *Controller) handleUpdatePodSecurity(key string) error { } return nil } - func (c *Controller) syncKubeOvnNet(pod *v1.Pod, podNets []*kubeovnNet) error { podName := c.getNameByPod(pod) key := fmt.Sprintf("%s/%s", pod.Namespace, podName) diff --git a/pkg/controller/security_group.go b/pkg/controller/security_group.go index efc7542c015..e147f62217b 100644 --- a/pkg/controller/security_group.go +++ b/pkg/controller/security_group.go 
@@ -167,12 +167,19 @@ func (c *Controller) processNextDeleteSgWorkItem() bool { } func (c *Controller) initDenyAllSecurityGroup() error { - if err := c.ovnLegacyClient.CreateSgPortGroup(util.DenyAllSecurityGroup); err != nil { + pgName := ovs.GetSgPortGroupName(util.DenyAllSecurityGroup) + if err := c.ovnClient.CreatePortGroup(pgName, map[string]string{ + "type": "security_group", + sgKey: util.DenyAllSecurityGroup, + }); err != nil { + klog.Errorf("create port group for sg %s: %v", util.DenyAllSecurityGroup, err) return err } + if err := c.ovnLegacyClient.CreateSgDenyAllACL(); err != nil { return err } + c.addOrUpdateSgQueue.Add(util.DenyAllSecurityGroup) return nil } @@ -182,7 +189,7 @@ func (c *Controller) updateDenyAllSgPorts() error { // list all lsp which security_groups is not empty lsps, err := c.ovnClient.ListNormalLogicalSwitchPorts(true, map[string]string{sgsKey: ""}) if err != nil { - klog.Errorf("failed to find logical port, %v", err) + klog.Errorf("list logical switch ports with security_groups is not empty: %v", err) return err } @@ -254,9 +261,15 @@ func (c *Controller) handleAddOrUpdateSg(key string) error { return err } - if err = c.ovnLegacyClient.CreateSgPortGroup(sg.Name); err != nil { - return fmt.Errorf("failed to create sg port_group %s, %v", key, err.Error()) + pgName := ovs.GetSgPortGroupName(sg.Name) + if err := c.ovnClient.CreatePortGroup(pgName, map[string]string{ + "type": "security_group", + sgKey: sg.Name, + }); err != nil { + klog.Errorf("create port group for sg %s: %v", sg.Name, err) + return err } + if err = c.ovnLegacyClient.CreateSgAssociatedAddressSet(sg.Name); err != nil { return fmt.Errorf("failed to create sg associated address_set %s, %v", key, err.Error()) } 
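Review bot: The external IDs passed to `CreatePortGroup` in initDenyAllSecurityGroup drop the `name` entry that the removed `CreateSgPortGroup` wrote (`external_ids:name=<port group name>`), and the find-before-create check that helper performed is no longer visible on this call path. If anything still looks port groups up by `external_ids:name`, add `"name": pgName` to the map. Because this runs at controller start-up, also confirm that `CreatePortGroup` returns nil for a group that already exists; neither point can be verified from this diff. The identical call in handleAddOrUpdateSg (hunk -254) has the same two gaps.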
@@ -378,7 +391,13 @@ func (c *Controller) patchSgStatus(sg *kubeovnv1.SecurityGroup) { func (c *Controller) handleDeleteSg(key string) error { c.sgKeyMutex.Lock(key) defer c.sgKeyMutex.Unlock(key) - return c.ovnLegacyClient.DeleteSgPortGroup(key) + + if err := c.ovnClient.DeleteSecurityGroup(key); err != nil { + klog.Errorf("delete sg %s: %v", key, err) + return err + } + + return nil } func (c *Controller) syncSgLogicalPort(key string) error { @@ -420,14 +439,16 @@ func (c *Controller) syncSgLogicalPort(key string) error { } } - if err = c.ovnLegacyClient.SetPortsToPortGroup(sg.Status.PortGroup, ports); err != nil { - klog.Errorf("failed to set port to sg, %v", err) + if err := c.ovnClient.PortGroupAddPorts(sg.Status.PortGroup, ports...); err != nil { + klog.Errorf("add ports to port group %s: %v", sg.Status.PortGroup, err) return err } + if err = c.ovnLegacyClient.SetAddressesToAddressSet(v4s, ovs.GetSgV4AssociatedName(key)); err != nil { klog.Errorf("failed to set address_set, %v", err) return err } + if err = c.ovnLegacyClient.SetAddressesToAddressSet(v6s, ovs.GetSgV6AssociatedName(key)); err != nil { klog.Errorf("failed to set address_set, %v", err) return err diff --git a/pkg/controller/subnet.go b/pkg/controller/subnet.go index 73307cd9c3f..56b99f8fb15 100644 --- a/pkg/controller/subnet.go +++ b/pkg/controller/subnet.go @@ -1415,12 +1415,6 @@ func (c *Controller) reconcileOvnDefaultVpcRoute(subnet *kubeovnv1.Subnet) error } } - nameIdMap, idNameMap, err := c.ovnLegacyClient.ListLspForNodePortgroup() - if err != nil { - klog.Errorf("failed to list lsp info, %v", err) - return err - } - for _, pod := range pods { if !isPodAlive(pod) { continue 
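Review bot: handleDeleteSg now relies on `DeleteSecurityGroup(key)` for everything the removed `DeleteSgPortGroup` did explicitly: delete the ACLs on the sg port group, delete the rule address sets, then delete the port group. The new method's body is not in this diff, so state that contract in a doc comment, e.g. `// handleDeleteSg removes the sg's ACLs, rule address sets and port group via DeleteSecurityGroup.`, and verify that the address sets are covered. ACLs or address sets left behind after a security group is deleted would not show up in the controller logs.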
@@ -1478,38 +1472,27 @@ func (c *Controller) reconcileOvnDefaultVpcRoute(subnet *kubeovnv1.Subnet) error pgName := getOverlaySubnetsPortGroupName(subnet.Name, pod.Spec.NodeName) c.ovnPgKeyMutex.Lock(pgName) - pgPorts, err := c.getPgPorts(idNameMap, pgName) - if err != nil { - c.ovnPgKeyMutex.Unlock(pgName) - klog.Errorf("failed to fetch ports for pg %v, %v", pgName, err) - return err - } portsToAdd := make([]string, 0, len(podPorts)) for _, port := range podPorts { - if _, ok := nameIdMap[port]; !ok { + exist, err := c.ovnClient.LogicalSwitchPortExists(port) + if err != nil { + return err + } + + if exist { klog.Errorf("lsp does not exist for pod %v, please delete the pod and retry", port) continue } - if _, ok := pgPorts[port]; !ok { - portsToAdd = append(portsToAdd, port) - } + portsToAdd = append(portsToAdd, port) } - if len(portsToAdd) != 0 { - klog.Infof("new port %v should be added to port group %s", portsToAdd, pgName) - newPgPorts := make([]string, len(portsToAdd), len(portsToAdd)+len(pgPorts)) - copy(newPgPorts, portsToAdd) - for port := range pgPorts { - newPgPorts = append(newPgPorts, port) - } - if err = c.ovnLegacyClient.SetPortsToPortGroup(pgName, newPgPorts); err != nil { - c.ovnPgKeyMutex.Unlock(pgName) - klog.Errorf("failed to set ports to port group %v, %v", pgName, err) - return err - } + if err := c.ovnClient.PortGroupAddPorts(pgName, portsToAdd...); err != nil { + klog.Errorf("add ports to port group %s: %v", pgName, err) + return err } + c.ovnPgKeyMutex.Unlock(pgName) } return nil 
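Review bot: The `if exist` branch in the port loop is inverted: it logs "lsp does not exist" and skips the port when `LogicalSwitchPortExists` reports that the port does exist, so only missing ports reach `PortGroupAddPorts`; it should read `if !exist`. Both new error returns (after `LogicalSwitchPortExists` and after `PortGroupAddPorts`) also leave `c.ovnPgKeyMutex` locked for `pgName`, whereas the removed code unlocked before each return, so one failure blocks every later reconcile that takes that key. The excerpt below restores the unlocks and the condition. reconcileOvnDefaultVpcRoute starts before this hunk.

```go
c.ovnPgKeyMutex.Lock(pgName)

// … unchanged: portsToAdd allocation and loop header …
	exist, err := c.ovnClient.LogicalSwitchPortExists(port)
	if err != nil {
		c.ovnPgKeyMutex.Unlock(pgName)
		klog.Errorf("check logical switch port %s exists: %v", port, err)
		return err
	}

	if !exist {
		// … unchanged: log "lsp does not exist" and continue …
	}
// … unchanged: append to portsToAdd, end of loop …

if err := c.ovnClient.PortGroupAddPorts(pgName, portsToAdd...); err != nil {
	c.ovnPgKeyMutex.Unlock(pgName)
	klog.Errorf("add ports to port group %s: %v", pgName, err)
	return err
}
```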
@@ -2114,23 +2097,6 @@ func (c *Controller) checkGwNodeExists(gatewayNode string) bool { return found } -func (c *Controller) getPgPorts(idNameMap map[string]string, pgName string) (map[string]struct{}, error) { - pgPorts, err := c.ovnLegacyClient.ListPgPorts(pgName) - if err != nil { - klog.Errorf("failed to fetch ports for pg %v, %v", pgName, err) - return nil, err - } - - result := make(map[string]struct{}, len(pgPorts)) - for _, portId := range pgPorts { - if portName, ok := idNameMap[portId]; ok { - result[portName] = struct{}{} - } - } - - return result, nil -} - func (c *Controller) addCommonRoutesForSubnet(subnet *kubeovnv1.Subnet) error { for _, cidr := range strings.Split(subnet.Spec.CIDRBlock, ",") { if cidr == "" { @@ -2185,10 +2151,11 @@ func (c *Controller) createPortGroupForDistributedSubnet(node *v1.Node, subnet * } pgName := getOverlaySubnetsPortGroupName(subnet.Name, node.Name) - if err := c.ovnLegacyClient.CreateNpPortGroup(pgName, subnet.Name, node.Name); err != nil { - klog.Errorf("failed to create port group for subnet %s and node %s, %v", subnet.Name, node.Name, err) + if err := c.ovnClient.CreatePortGroup(pgName, map[string]string{networkPolicyKey: subnet.Name + "/" + node.Name}); err != nil { + klog.Errorf("create port group for subnet %s and node %s: %v", subnet.Name, node.Name, err) return err } + return nil } 
@@ -2349,18 +2316,18 @@ func (c *Controller) deletePolicyRouteByGatewayType(subnet *kubeovnv1.Subnet, ga if gatewayType == kubeovnv1.GWDistributedType { nodes, err := c.nodesLister.List(labels.Everything()) if err != nil { - klog.Errorf("failed to list nodes: %v", err) + klog.Errorf("list nodes: %v", err) return err } for _, node := range nodes { pgName := getOverlaySubnetsPortGroupName(subnet.Name, node.Name) - if err = c.ovnLegacyClient.DeletePortGroup(pgName); err != nil { - klog.Errorf("failed to delete port group for subnet %s and node %s, %v", subnet.Name, node.Name, err) + if err = c.ovnClient.DeletePortGroup(pgName); err != nil { + klog.Errorf("delete port group for subnet %s and node %s: %v", subnet.Name, node.Name, err) return err } if err = c.deletePolicyRouteForDistributedSubnet(subnet, node.Name); err != nil { - klog.Errorf("failed to delete policy route for subnet %s and node %s, %v", subnet.Name, node.Name, err) + klog.Errorf("delete policy route for subnet %s and node %s: %v", subnet.Name, node.Name, err) return err } } @@ -2369,7 +2336,7 @@ func (c *Controller) deletePolicyRouteByGatewayType(subnet *kubeovnv1.Subnet, ga if gatewayType == kubeovnv1.GWCentralizedType { klog.Infof("delete policy route for centralized subnet %s", subnet.Name) if err := c.deletePolicyRouteForCentralizedSubnet(subnet); err != nil { - klog.Errorf("failed to delete policy route for subnet %s, %v", subnet.Name, err) + klog.Errorf("delete policy route for subnet %s: %v", subnet.Name, err) return err } } diff --git a/pkg/ovs/ovn-nbctl-legacy.go b/pkg/ovs/ovn-nbctl-legacy.go index 7bc441e87d6..0512fff4fa7 100644 --- a/pkg/ovs/ovn-nbctl-legacy.go +++ b/pkg/ovs/ovn-nbctl-legacy.go 
@@ -741,70 +741,6 @@ func (c LegacyClient) SetPrivateLogicalSwitch(ls, cidr string, allow []string) e return err } -func (c LegacyClient) CreateNpPortGroup(pgName, npNs, npName string) error { - output, err := c.ovnNbCommand( - "--data=bare", "--no-heading", "--columns=_uuid", "find", "port_group", fmt.Sprintf("name=%s", pgName)) - if err != nil { - klog.Errorf("failed to find port_group %s: %v, %q", pgName, err, output) - return err - } - if output != "" { - return nil - } - _, err = c.ovnNbCommand( - "pg-add", pgName, - "--", "set", "port_group", pgName, fmt.Sprintf("external_ids:np=%s/%s", npNs, npName), - ) - return err -} - -func (c LegacyClient) DeletePortGroup(pgName string) error { - output, err := c.ovnNbCommand( - "--data=bare", "--no-heading", "--columns=_uuid", "find", "port_group", fmt.Sprintf("name=%s", pgName)) - if err != nil { - klog.Errorf("failed to find port_group %s: %v, %q", pgName, err, output) - return err - } - if output == "" { - return nil - } - - _, err = c.ovnNbCommand("pg-del", pgName) - return err -} - -type portGroup struct { - Name string - NpName string - NpNamespace string -} - -func (c LegacyClient) ListNpPortGroup() ([]portGroup, error) { - output, err := c.ovnNbCommand("--data=bare", "--format=csv", "--no-heading", "--columns=name,external_ids", "find", "port_group", "external_ids:np!=[]") - if err != nil { - klog.Errorf("failed to list logical port-group, %v", err) - return nil, err - } - lines := strings.Split(output, "\n") - result := make([]portGroup, 0, len(lines)) - for _, l := range lines { - if len(strings.TrimSpace(l)) == 0 { - continue - } - parts := strings.Split(strings.TrimSpace(l), ",") - if len(parts) != 2 { - continue - } - name := strings.TrimSpace(parts[0]) - np := strings.Split(strings.TrimPrefix(strings.TrimSpace(parts[1]), "np="), "/") - if len(np) != 2 { - continue - } - result = append(result, portGroup{Name: name, NpNamespace: np[0], NpName: np[1]}) - } - return result, nil -} - func (c LegacyClient) 
CreateAddressSet(name string) error { output, err := c.ovnNbCommand("--data=bare", "--no-heading", "--columns=_uuid", "find", "address_set", fmt.Sprintf("name=%s", name)) if err != nil { 
@@ -1122,82 +1058,6 @@ func (c LegacyClient) DeleteAclForNodePg(pgName string) error { return nil } -func (c LegacyClient) ListPgPorts(pgName string) ([]string, error) { - output, err := c.ovnNbCommand("--format=csv", "--data=bare", "--no-heading", "--columns=ports", "find", "port_group", fmt.Sprintf("name=%s", pgName)) - if err != nil { - klog.Errorf("failed to list port-group ports, %v", err) - return nil, err - } - lines := strings.Split(output, "\n") - result := make([]string, 0, len(lines)) - for _, l := range lines { - if len(strings.TrimSpace(l)) == 0 { - continue - } - result = append(result, strings.Fields(l)...) - } - return result, nil -} - -func (c LegacyClient) ListLspForNodePortgroup() (map[string]string, map[string]string, error) { - output, err := c.ovnNbCommand("--data=bare", "--format=csv", "--no-heading", "--columns=name,_uuid", "list", "logical_switch_port") - if err != nil { - klog.Errorf("failed to list logical-switch-port, %v", err) - return nil, nil, err - } - lines := strings.Split(output, "\n") - nameIdMap := make(map[string]string, len(lines)) - idNameMap := make(map[string]string, len(lines)) - for _, l := range lines { - if len(strings.TrimSpace(l)) == 0 { - continue - } - parts := strings.Split(strings.TrimSpace(l), ",") - if len(parts) != 2 { - continue - } - name := strings.TrimSpace(parts[0]) - uuid := strings.TrimSpace(parts[1]) - nameIdMap[name] = uuid - idNameMap[uuid] = name - } - return nameIdMap, idNameMap, nil -} - -func (c LegacyClient) ListPgPortsForNodePortgroup() (map[string][]string, error) { - output, err := c.ovnNbCommand("--data=bare", "--format=csv", "--no-heading", "--columns=name,ports", "list", "port_group") - if err != nil { - klog.Errorf("failed to list port_group, %v", err) - return nil, err - } - lines := strings.Split(output, "\n") - namePortsMap := make(map[string][]string, len(lines)) - for _, l := range lines { - if len(strings.TrimSpace(l)) == 0 { - continue - } - parts := 
strings.Split(strings.TrimSpace(l), ",") - if len(parts) != 2 { - continue - } - name := strings.TrimSpace(parts[0]) - ports := strings.Fields(parts[1]) - namePortsMap[name] = ports - } - - return namePortsMap, nil -} - -func (c LegacyClient) SetPortsToPortGroup(portGroup string, portNames []string) error { - ovnArgs := []string{"clear", "port_group", portGroup, "ports"} - if len(portNames) > 0 { - ovnArgs = []string{"pg-set-ports", portGroup} - ovnArgs = append(ovnArgs, portNames...) - } - _, err := c.ovnNbCommand(ovnArgs...) - return err -} - func (c LegacyClient) SetAddressesToAddressSet(addresses []string, as string) error { ovnArgs := []string{"clear", "address_set", as, "addresses"} if len(addresses) > 0 { 
@@ -1295,51 +1155,6 @@ func GetSgV6AssociatedName(sgName string) string { return strings.Replace(fmt.Sprintf("ovn.sg.%s.associated.v6", sgName), "-", ".", -1) } -func (c LegacyClient) CreateSgPortGroup(sgName string) error { - sgPortGroupName := GetSgPortGroupName(sgName) - output, err := c.ovnNbCommand( - "--data=bare", "--no-heading", "--columns=_uuid", "find", "port_group", fmt.Sprintf("name=%s", sgPortGroupName)) - if err != nil { - klog.Errorf("failed to find port_group of sg %s: %v", sgPortGroupName, err) - return err - } - if output != "" { - return nil - } - _, err = c.ovnNbCommand( - "pg-add", sgPortGroupName, - "--", "set", "port_group", sgPortGroupName, "external_ids:type=security_group", - fmt.Sprintf("external_ids:sg=%s", sgName), - fmt.Sprintf("external_ids:name=%s", sgPortGroupName)) - return err -} - -func (c LegacyClient) DeleteSgPortGroup(sgName string) error { - sgPortGroupName := GetSgPortGroupName(sgName) - // delete acl - if err := c.DeleteACL(sgPortGroupName, ""); err != nil { - return err - } - - // delete address_set - asList, err := c.ListSgRuleAddressSet(sgName, "") - if err != nil { - return err - } - for _, as := range asList { - if err = c.DeleteAddressSet(as); err != nil { - return err - } - } - - // delete pg - err = c.DeletePortGroup(sgPortGroupName) - if err != nil { - return err - } - return nil -} - func (c LegacyClient) CreateSgAssociatedAddressSet(sgName string) error { v4AsName := GetSgV4AssociatedName(sgName) v6AsName := GetSgV6AssociatedName(sgName) 
@@ -1588,18 +1403,6 @@ func (c *LegacyClient) AclExists(priority, direction string) (bool, error) { return true, nil } -func (c *LegacyClient) PortGroupExists(pgName string) (bool, error) { - results, err := c.CustomFindEntity("port_group", []string{"_uuid"}, fmt.Sprintf("name=%s", pgName)) - if err != nil { - klog.Errorf("customFindEntity failed, %v", err) - return false, err - } - if len(results) == 0 { - return false, nil - } - return true, nil -} - func (c *LegacyClient) VpcHasPolicyRoute(vpc string, nextHops []string, priority int32) (bool, error) { // get all policies by vpc outPolicies, err := c.ovnNbCommand("--data=bare", "--no-heading",